Privilege Abuse Allows Non-Admin to Disable Palo Alto GlobalProtect on macOS: CVE-2025-0140 July 2025

Privilege Abuse Allows Non-Admin to Disable Palo Alto GlobalProtect on macOS
CVE-2025-0140 Published on July 9, 2025

GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.

Timeline

2025-07-09

Initial Publication

2025-07-28

Decoupled GlobalProtect Linux app from this advisory. For Linux, see CVE-2025-2179 19 days later.

Weakness Type

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Products Associated with CVE-2025-0140

Want to know whenever a new CVE is published for Palo Alto Networks Globalprotect? stack.watch will email you.

Affected Versions

Version 6.3.0 and below 6.3.3-h1 (6.3.3-c650) is affected.

Version 6.2.0 and below 6.2.8-h2 (6.2.8-c243) is affected.

Version 6.1.0 is affected.

Version 6.0.0 is affected.

Version All is unaffected.

Exploit Probability

EPSS

0.02%

Percentile

5.47%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.